Xen project Mailing List

Re: [Xen-devel] [PATCH] hvmloader / qemu-xen: Getting rid of resource conflict for OpRegion.

To: "G.R." <firemeteor@xxxxxxxxxxxxxxxxxxxxx>

From: Jean Guyader <jean.guyader@xxxxxxxxx>

Date: Thu, 20 Dec 2012 11:44:09 -0800

Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Thu, 20 Dec 2012 19:44:52 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, Dec 20, 2012 at 7:06 AM, G.R. <firemeteor@xxxxxxxxxxxxxxxxxxxxx> wrote: > On Thu, Dec 20, 2012 at 10:19 PM, Keir Fraser <keir@xxxxxxx> wrote: >> On 20/12/2012 13:31, "G.R." <firemeteor@xxxxxxxxxxxxxxxxxxxxx> wrote: >> >>> If concern is about security, the same argument should apply to the >>> first page (the portion before the page offset). >>> The problem is that I have no idea what is around the mapped page. Not >>> sure who has the knowledge. >> >> Well we can't do better than mapping some whole number of pages, really. >> Unless we trap to qemu on every access. I don't think we'd go there unless >> there really were a known security issue. But mapping only the exact number >> of pages we definitely need is a good principle. >> >>> What's the standard flow to handle such map with offset? >>> I expect this to be a common case, since the ioremap function in linux >>> kernel accept this. >> >> map_size = ((host_opregion & 0xfff) + 8096 + 0xfff) >> 12 >> > Keir, I believe this expression should give the same result. > First of all, 8096 should be 8192 :-), and this part should result in > an constant number 2 after right shift. > The remaining part is ((host_opregion & 0xfff) + 0xfff) >> 12 > As long as the first sub-expression is non zero, the result of the add > should range from [0x1000, 0x1ffe]. > And this will yield a result '1' after the right shift. > So as long as there is known security risk (which I'm not sure about), > the patch should be fine. > >> Possibly with suitable macros used instead of magic numbers (e.g., XC_PAGE_* >> and a macro for the opregion size). > > I guess there is no predefined macro for OpRegion size. And I guess I > need to define it twice for both code? > Changing the OpRegion mapping to 3 pages if probably the right thing to do here. If down the road we found some scary security problem we can emulate the device in Qemu. Thanks for looking into this. Jean _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.